September 02, 2010
Free Tools
File Repository
sqlver 1.1
Frank Brown added some additional features to my original sqlver application. His added features include:
1. default port to 1433 if none specified
2. match & print description string for internal version #
3. replaced dns.resolve with dns.getHostEntry (resolve is deprecated).
New version 1.1
File size: 5 K; Downloads: 166; Date: Thu 01/21/2010 @ 08:01; Author: Chip Andrews; EMail: chip@sqlsecurity.com
mcpscripts.zip
Script files from my June 2000 MCP Magazine article on constructing your own log-based Intrusion Detection System. by Chip Andrews
File size: 2 K; Downloads: 3232; Date: Mon 04/13/2009 @ 04:38
SQLPing3 Command Line - Alpha
Here is the alpha release of the command-line version of SQLPing3. Please provide any feedback here at the download area for any errors or comments you have concerning this version. Keep in mind that this alpha release only contains the high-level switches. The ability to disable or alter the scan options will come later once the application is stabilized. For now the command-line switches are as follows:
SQLPing3cl - SQLPing3 Command Line version - alpha release
Syntax: sqlping3cl.exe -scantype [range,list,stealth] -StartIP [IP] -EndIP [IP]
-IPList [FileName] -UserList [FileName] -PassList [FileName] -Output [FileName]
Currently -scantype is the only required parameter. IPs will default to 127.0.0.1 if nothing is provided. The default output file is output.txt.
File size: 19 K; Downloads: 11246; Date: Tue 02/05/2008 @ 05:17; Author: Administrator Account
SQLPing 3.0
SQLPing 3.0 performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLPing 3.0 is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 Required. (Note: Due to .NET policy restrictions on most computers, you'll need to execute the SQLPing 3.0.exe program from a local drive in order to get the full functionality.) SQLPing 3.0 adds brute-force password capabilities and the ability to brute-force multiple instances (which was lacking in SQLPing 2.x).
Notes:
SQLPing 3.0 is the evolution of the SQLPing product to the .NET Framework using code from SQLRecon. I have incorporated the brute-force capabilities of SQLPing2 into this version so that it should now contain all features from SQLPing2 and we can finally retire that code. Please let me know if you have any questions or concerns. Sample userlist and password files are included for demonstration purposes. It is highly recommended you replace them with your own custom dictionaries.
File size: 36 K; Downloads: 32134; Date: Tue 02/05/2008 @ 05:16; Author: Administrator Account
SQLRecon 1.0 - .NET Framework 2.0
SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret out servers you never knew existed on your network so you can properly secure them. .NET Framework v2.0 Required. (Note: Due to .NET policy restrictions on most computers, you'll need to execute the sqlrecon.exe program from a local drive in order to get the full functionality.) Documentation available at: http://www.specialopssecurity.com/labs/sqlrecon
File size: 212 K; Downloads: 14785; Date: Tue 03/27/2007 @ 08:03; Author: Chip Andrews
SQLPing 2
GUI version of SQLPing that also includes IP range scanning and brute-force password checking. Want good fun? On a large development network, put in the network broadcast address in the discovery form. How many SQL Servers can you find? by Chip Andrews. Thanks to Beth Breidenbach and Joseph Kowtko for contributing the IP list functionality. Warning: SQL Server returns only the base version in its SQL Resolution packet. SQLPing shows this info as received. It is not the TRUE version.
*Updated 3/2/04 for more speed, better output, and adjustable scan wait times.
*Updated 3/9/2006 for a fix that prevented brute force scans from showing more than one result
Current version is 2.6
File size: 1584 K; Downloads: 36264; Date: Thu 03/09/2006 @ 10:28; Author: Chip Andrews
SQLPingv1.1
SQLPing can be used to discover detailed information about the connectivity of SQL Server 2000 installations without authentication of any kind. Great tool to track down rogue SQL Server 2000 boxes on your networks or on the Internet - by Chip Andrews (source included)
File size: 19 K; Downloads: 10283; Date: Fri 07/29/2005 @ 05:38
Vulnerability Scan Script
This is a vulnerability scanning script submitted by Carlos Perez. It scans your SQL Server instance looking for misconfigurations or insecure settings that you should investigate.
File size: 11 K; Downloads: 10131; Date: Tue 06/14/2005 @ 08:41; Author: Carlos Perez
DTS Password Decryptor
DTSConnPass - utility to decrypt DTS package Connection passwords.
File size: 34 K; Downloads: 6449; Date: Tue 03/01/2005 @ 05:04; Author: Jimmers
SQLPing.NET 1.3 Beta
This is a pre-release of the 1.3 version of SQLPing for .NET. The new feature added to this version is the capability to determine the actual ssnetlib.dll SQL Server version rather than simply the base version as previous SQLPing editions reported. While not SQLPing's fault (the SQL Resolution Service reports only the base version), this version attempts to rectify that limitation by initiating a connection to the SQL Server. Note that no authentication is needed. Feedback welcome.
File size: 6 K; Downloads: 4455; Date: Tue 03/01/2005 @ 04:26; Author: Chip Andrews
SQLVer
Determines ssnetlib.dll version of SQL Server without the need to log into the server. Uses techniques from SQLPing.NET 1.3 beta but does not actually use the UDP 1434 packet for enumeration. This tool simply connects to the specified TCP port and gets to work! C# Source included. Requires .NET framework.
File size: 4 K; Downloads: 6697; Date: Tue 03/01/2005 @ 04:25; Author: Chip Andrews
SQLPing.NET
My .NET port for the 1.2 version of SQLPing. Source included. Written in C#. by Chip Andrews
File size: 5 K; Downloads: 3832; Date: Thu 01/22/2004 @ 06:07; Author: Chip Andrews
sp_password.sql
Modified sp_password stored procedure (tested for SQL 7 - not 6.5) that checks for password strength when changing passwords. Make sure to create a user-defined alert #50001 to display your error. This is proof-of-concept code - not a recommended implementation. by Chip Andrews
File size: 1 K; Downloads: 3616; Date: Thu 01/22/2004 @ 06:04; Author: Chip Andrews
sqlbf.zip
SQL Server password brute forcing tool by xaphan.
Usage: sqlbf [ODBC NetLib] [IP List] [User list] [Password List]
ODBC NetLib : T - TCP/IP, P - Named Pipes (netBIOS)
IP list - text file containing list of IPs to audit
User list - text file containing list of Usernames
Password List - text file containing list of passwords
File size: 40 K; Downloads: 6898; Date: Thu 01/22/2004 @ 05:49; Author: xaphan
audit.sql
Quick little script to check all of your user accounts for weak passwords if you have created a dictionary file somewhere on your server. (see dict.zip)
Downloads: 4379; Date: Wed 01/21/2004 @ 05:19
sp_decrypt_7.sql
Stored Procedure for SQL Server 2000 that will decrypt encrypted stored procs from a SQL 7 installation. by Jimmers
Downloads: 3203; Date: Wed 01/21/2004 @ 05:18
version.sql
SQL Script by Ken Klaft to get the exact patch level of a SQL Server by querying the version number. Easily scriptable to allow you to check your entire network for compliance.
Downloads: 3762; Date: Wed 01/21/2004 @ 05:18
DTSRunDec
Tool by Jimmers to decrypt DTSrun parameters.
Downloads: 6455; Date: Tue 01/13/2004 @ 10:59
SQL Shield
SQL Shield is a built-in tool for MSSQL 7, 2000 and MSDE servers that claims hacker-proof encryption for triggers, views and procedures. None of the currently available SQL decryptors are capable of cracking SQL Shield encryption.
Downloads: 2224; Date: Sun 01/11/2004 @ 04:41
XP_CRYPT
Easy-to-use, affordable, and effective security solution for encrypting column and row data in MSSQL Server and Oracle.
Downloads: 1705; Date: Sun 12/28/2003 @ 05:05
EnforcePass.Zip
EnforcePass is a password enforcement mechanism that helps DBAs, or anyone who is concerned about their database security, to enforce strong passwords. It ensures that users do not choose weak passwords by modifying the sp_password stored procedure. by Nilesh Burghate
Downloads: 2097; Date: Sun 12/28/2003 @ 05:05
Websleuth
Pluggable Web Application Scanner with a plug-in for SQL Injection testing. Useful for spidering sites, testing forms, and general application-layer mayhem.
Downloads: 3732; Date: Sun 12/28/2003 @ 05:04
Extended Stored Proc Removal and Restore Scripts
Scripts to remove and later restore dangerous extended stored procedures (usually to install service packs). by Mark Hatfield and Mohammed Alam of Shavlik Technologies (www.shavlik.com)
Downloads: 1496; Date: Sun 12/28/2003 @ 05:04
forceSQL
SQL Server password brute force tool that can be used with or without a dictionary. by Nilesh Burghate http://www.nii.co.in/tools.html
Downloads: 6056; Date: Sun 12/28/2003 @ 05:03
sql2kpwdtools.zip
This is a SQL Server 2K Stored Proc Decrypter + some additional tools. Submitted by Joseph Gama with some additional code from Mark Litchfield and Chris Anley of NGSSoftware.
Downloads: 3541; Date: Sun 12/28/2003 @ 05:02
decrypt_odbc_sql.txt
Stored proc to decrypt ODBC obfuscated data. When using {Encrypt N'text'} ODBC function to "encrypt" data (what a joke), this routine will allow you to reverse the process. by jimmers
Downloads: 1922; Date: Sun 12/28/2003 @ 05:02
sqllhf.zip
SQL Server Brute Forcing tool featuring a scriptable command-line interface, scans networks larger than class C, and IP list support. by Matthew Wagenknecht
Downloads: 3312; Date: Sun 12/28/2003 @ 05:01
sqlpoke.zip
Used to scan a range of IP addresses for SQL Servers and then execute a predefined script. Could be used to track down SQL Servers in your own organization and ensure they stay locked down. - by xaphan
Downloads: 2945; Date: Sun 12/28/2003 @ 05:00
sqldict.zip
Brute-force SQL Server password utility. Good for auditing SQL Server passwords in your organization. Don't use this power for evil - by Arne Vidstrom.
Downloads: 8014; Date: Sun 12/28/2003 @ 05:00
dict.zip
Sample dictionary file to be used for password strength testing. Create a table called 'dict' with one field called 'word' (varchar(128) should do, since that's the maximum size of a standard security password in SQL 7) and then do a BULK INSERT dict from 'c:\myfile.txt'. You may need to use special switches on the BULK INSERT depending on your text file - check BOL if you need help.
Downloads: 3202; Date: Sun 12/28/2003 @ 05:00
sql7-lib.txt
Snort ruleset for SQL Server monitoring by Todd Garrison
Downloads: 1044; Date: Sat 12/27/2003 @ 03:59
HFNetChk
Excellent tool for determining hotfix and service pack levels. From Microsoft and Shavlik.
Downloads: 1716; Date: Sat 12/27/2003 @ 03:59
spdecrypt.zip
Decrypt SQL Server 7.0 stored procedures by David Daniels
Downloads: 1825; Date: Sat 12/27/2003 @ 03:58
sql2k_spcrypto.txt
Decrypt SQL Server 2000 stored procedures from Bugtraq post by shoeboy
Downloads: 2985; Date: Sat 12/27/2003 @ 03:58
Copyright 1999 by Chip Andrews